13th November 2020

EU AML Reform, Hong Kong and Virtual Assets, US and Human Trafficking

EU ministers endorse AML/CFT framework reforms, Hong Kong updates its approach to Virtual Assets, and crypto exchanges join US initiative to combat human trafficking.

We share our financial regulatory highlights from the week of 9 November 2020.

EU AML Reform Plan Progress

In the last week, the European Union’s (EU) finance ministers have reviewed proposals from the European Commission to reform the EU’s AML/CFT framework along more centralized lines. The Economic and Financial Affairs Council (ECOFIN) has endorsed the broad outlines of the proposed reforms, and the Commission is now expected to deliver more detailed legislative and regulatory plans in the first quarter of 2021. 

The Reform Plan is, according to the Commission, a response to the “fragmentation of rules, uneven supervision and limitations in…cooperation,” that currently exist in pan-European AML/CFT. First published in May 2020, and recently subject to an industry consultation, it sets out ‘six pillars’ for action: 

  • The effective implementation of existing EU Anti-Money Laundering Directives (AMLD);
  • A single AML/CFT rule book for the EU;
  • EU level supervision and regulation; 
  • Cooperation frameworks for national Financial Intelligence Units (FIUs); 
  • Better law enforcement agency information sharing; and 
  • Better global AML/CFT cooperation. 

The proposals generating the most attention so far are the proposed single rule-book and a centralized, Union-level approach to financial services’ oversight and regulation. 

Under the current EU-wide arrangements, successive AMLD have set minimum standards that individual member states are required to transpose into national laws and regulations and implement in practice. However, countries have had substantial freedom to vary how they interpret the directives, leading to a range of differing approaches that undermine the EU’s aim to provide a “level playing field.” 

There has also been an ongoing issue with member states transposing laws on schedule, and the most recent, the 5th AMLD – due to be transposed in January this year – is still not fully on the statute books in all member states. The 6th AMLD is due to be transposed by 3 December 2020. 

Under the Reform Plan, parts of the AMLD would be transferred into a regulation that would be directly applicable and binding on all member states, and would not require the current lengthy process of translation into national law. As a result, the future content of EU AML/CFT regulations is likely to become more detailed, granular, and prescriptive. Key areas likely of direct concern to obligated firms are likely to include: 

  • Customer Due Diligence (CDD) requirements; 
  • Provisions on Politically Exposed Persons (PEPs); 
  • AML/CFT record-keeping and controls obligations;
  • Suspicious transaction reporting; and 
  • Outsourcing of AML/CFT activities. 

The other controversial theme is the need for a supranational AML/CFT supervisor, who would be responsible for overseeing the implementation of the single rule book at a national level, with a particular focus on a “selected number of obliged entities that have high inherent money laundering or terrorist financing risk.” How this will work in practice is not clear as yet, and the Commission have noted that the supervisory role could be situated either in the European Banking Authority (EBA) or a completely new agency. 

The Commission has also noted the need to find better ways to share and use data both in the public and private sectors, and has prioritized the need to reconcile the stringent privacy requirements of the General Data Protection Regulation (GDPR) with the needs of the fight against financial crime. This is an issue well-known to many obligated businesses operating in the Union, and has been a common theme in replies to the EU consultation. 

As recognized by Olaf Scholz, German Finance Minister, there is an onus on the EU to demonstrate proactivity after a succession of recent AML banking scandals in the Baltic States, Scandinavia and Germany. Scholz commented that “recent alleged money laundering cases…underline the urgency to act. More harmonized rules and EU-level supervision will allow us to be more effective and to strengthen the EU’s anti-money laundering framework.”

The Reform Plan is indeed a welcome and necessary step forward from the perspectives of prevention and enforcement. A large part of criminals’ effectiveness comes from being able to disperse their activities across multiple financial institutions and jurisdictions, and any movement towards a more systemic overview of the European financial system will undermine that. 

It will also potentially have a beneficial effect on the implementation of AML/CFT rules for individual obligated entities, especially those that operate in more than one EU jurisdiction. Greater granularity and consistency will increase firms’ levels of comfort about what is expected of them, and will also reduce compliance costs and internal frictions. 

These changes remain some way off, however, and in the meantime, obligated firms will continue to need to follow the requirements of the pre-existing directives as transposed into national laws and regulations. As noted above, the key item on the agenda is the 6th AMLD, the requirements of which all obligated entities are required to meet by 3 June 2021 – just over six months away. If you would like to know more about what this directive might mean for your business, please take a look at our recent report. 

Hong Kong To Bring Virtual Assets Into Line

The government of Hong Kong has this month opened a three month consultation on new AML/CFT regulations for Virtual Assets (VAs) and Virtual Asset Service Providers (VASPs). The centerpiece of the proposed changes would be the introduction of a licensing system for all VASPs. 

Up until now, there has been no mandatory license requirement for VASPs in the jurisdiction, with previous arrangements put in place last year allowing a much looser “opt-in” regulatory framework. Under the existing regime, only VAs categorized as ‘securities’ – digital representations of ownership of underlying assets or financial rights arising – were covered by AML/CFT regulations. 

According to Ashley Alder, head of the Hong Kong Securities and Futures Commission (SFC), this means that “if a platform operator is really determined to operate completely off the regulatory radar, it can do so simply by ensuring that its traded crypto assets are not within the legal definition of a security.” Speaking at the recent Hong Kong Fintech Week, Alder admitted that this had proved “a significant limitation.”

Under the new proposals, all VAs – what are referred to as both ‘Security’ and ‘Non-Security’ tokens – will require licensing and regulation by the SFC. This will mean that they will only be able to offer services to professional investors (defined by the SFC as an individual or entity with over HK$8 million (US$1.03 million) in assets). They will need, moreover, to ensure client protections with the proper segregation of assets, effective privacy and security measures around wallet keys, and controls to prevent market manipulation. Firms will also be required to undertake the full range of AML/CFT obligations around CDD, record keeping and reporting. 

The extension of coverage will include both platforms based and operating in Hong Kong itself, but also those based outside the territory and providing services to its residents. Ader commented that “once this new regime is in place all virtual asset trading platforms in Hong Kong would be supervised and monitored,” Alder said. “If they’re operating in Hong Kong, or target Hong Kong investors, they would need to apply for an SFC license. Failure to do so would of course be an offence.”

The proposed changes are partly a response to wider global regulatory pressures. As the official announcement of the consultation by Christopher Hui Ching-yu, the Secretary for Financial Services and the Treasury, states openly, “the legislative proposals are intended to bring Hong Kong’s regulatory regime…in line with the latest international requirements, as promulgated by the Financial Action Task Force (FATF).” As of last June last year, FATF, the international AML/CFT standards organization of which Hong Kong is a member, required jurisdictions to introduce mandatory licenses or registration for VASPs. 

However, the risks are not purely regulatory, and there have also been a number of recent cases of VA abuse linked to the Hong Kong market. BitMEX, one of the world’s leading crypto exchanges, is now under investigation by US authorities for infringement of the Bank Secrecy Act (BSA) and AML/CFT violations. Although registered in the Seychelles, the firm has been run from Hong Kong, where its recently indicted founder and former CEO, Arthur Hayes, is recorded as a resident. Another crypto exchange operating in Hong Kong, OKEx, also recently announced it would be suspending all customer cryptocurrency withdrawals, after the exchange’s founder, Xu Mingxing, was reported to be under investigation in mainland China.

According to Secretary Hui, the proposed changes are intended to bring greater certainty and credibility to the Hong Kong VA sector; “simply speaking,” he said “we will require all virtual-asset trading platforms to be operating transparently, like working under the sunlight.” 

These proposals are therefore a positive development for the jurisdiction, not only as the scope and scale of VA activity grows, but as other competing markets like Singapore and the US, and international organizations such as the EU, try to create their own certainties in the VA sector. Although lack of regulation and transparency might have been attractive to some in the short term, history suggests that long term growth occurs where trust and accountability are assured.

The full implementation of the proposals, if agreed, is likely to take some time. The consultation remains open for comment until 31 January 2021, with the Hong Kong administration planning to produce a bill before the Legislative Council later in the year. However, currently unregulated VASPs should not see this period of delay as an excuse to wait to make changes, but as an opportunity to get ahead. There is nothing stopping firms thinking through how they should approach these new challenges, and what controls and technology they will need in place. It is a corporate social responsibility to fight financial crime, and a regulatory advantage to do it well. It is never too early to start. 

Crypto Giants Join US Human Trafficking Initiative

Four major cryptocurrency exchanges, Coinbase, Paxful, Gemini and BitFinex have recently announced that they will be joining the Anti-Human Trafficking Cryptocurrency Consortium, or ATCC. The consortium was founded in April 2020 by the Anti-Human Trafficking Intelligence Initiative (ATII), a US based not-for-profit organization itself established in 2019.

Both ATII and ATCC are, according to their website, dedicated to combating “human trafficking by leveraging corporate social responsibilities directly through awareness, intelligence integration, technology advancement and strategic data collection.” Rather than simply act as pressure groups, the organizations have been keen to work directly with businesses who can help make a practical difference, aiming “to abolish labor and sex trafficking by hitting slave profiteers where they’ll hurt most.”

ATCC thus brings together VASPs, business intelligence firms and law enforcement agencies to share knowledge, information, expertise and best practice in fighting human trafficking, and to work together on new tools and technology to help enhance the monitoring and investigative capabilities of both the public and private sector.  Talking to Cointelegraph, Aaron Kahler, chair and founder of ATII, explained that the initiatives are “developing comprehensive programs, training, data and tools catered to combating the issue.”

The role of the crypto exchanges will primarily be monitoring transactions in order to detect potentially suspicious patterns of activity, the involvement of known ‘bad actors’ and keyword identification of activities potentially linked to human trafficking or child sexual exploitation. Where risks identified pass the legal threshold of concern, the exchanges will follow their BSA obligation to file Suspicious Activity Reports (SARs). However, ATCC is also looking to share strategic and typological intelligence across the consortium to help stakeholders improve their capacity to detect and disrupt these crimes. 

Pamela Clegg, director of financial investigations at CipherTrace, a VA intelligence firm and ATCC member, told Cointelegraph that they would be creating a “kind of central depository, where all kinds of data is gathered — not just crypto-related data. This information includes geographical locations, phone numbers and more that are associated with cryptocurrency addresses.”

The development of the consortium comes as the risks around the potential misuse of VAs in human trafficking remain proportionately small, but rising. An April 2020 assessment by Chainalysis, a VA intelligence company also involved in the ATCC, suggested that just under a million US dollars worth of Bitcoin (BTC) and Ethereum (ETH) transactions in 2019 could be connected to child sexual exploitation – a relatively small proportion of the $150 billion per year the International Labor Organization (ILO) calculated the human trafficking trade generated in 2014. 

Nonetheless, the problem appears to be growing, Chainanalysis’s 2019 figures showing a 32% increase on those from 2018. The US Treasury’s Financial Crimes Enforcement Network (FinCEN), the US FIU, has also recently issued an advisory warning of the potential misuse of VAs in human trafficking. The advisory provides examples of how this can occur, including the use of prepaid credit cards to purchase Bitcoin then used to pay for prostitution adverts on online marketplaces. 

The development of the ATCC shows how the VA sector can leverage the tools and approaches familiar to those dealing in fiat currencies to fight financial and related crimes. Arguably, VASPs are better placed than legacy financial services providers to undertake many of these activities because of the transparency provided by the Distributed Ledger Technology (DLT). In most instances, VAs have a fully auditable and publicly accessible log that can be used to track unusual transaction patterns, or the activities and connections of those already known to operate on the Dark Web. From both an ethical and technical perspective, there is no reason why VASPs cannot take the fight to the traffickers.

ATCC also demonstrates the value of partnership – both private-private and public-private – in fighting organized crime and protecting vulnerable individuals. The reality is that many of the most pernicious crimes are best understood and interdicted at a systemic level, when institutions work together. Criminals continue to rely on the fragmentation of the financial sector, old and new, to pursue their activities without detection. It is a clear responsibility for businesses to therefore do what they can to stop them, and financial innovation should be no impediment to that.